When using my Ubuntu I used to make the following pattern, whenever an update symbol showed up in the "taskbar" above (in gnome it's the upper panel), I clicked on it, entered my password to sudo up the privileges of the update process, and installed the needed packages to the machine.
Then I thought, wait a mintue, this is happening all too often! The only security signature I trust here is the shape of the symbol on the taskbar! A malicious program can immitate the update GUI, and lure me to leverage its permissions very easily. It can't be that bad, I thought, I can probably only sudo a known program. Alas, in the latest version of Ubuntu the sudoers file says %admin ALL=(ALL) ALL and the default user is indeed in the admin group. Is that really a problem (I'm probably not the only one who noticed it)? Is it like that in other distributions? In Windows when you're asked to leverage a permission of a program, it shows you the digital signature of the executable asking for privileges (or at least that's how it looks like in the dialog), which is not a very good solution IMHO, but it's at least better than nothing.
_______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
